Monero

[Whoopiegoldburgg222]

I feel like this will be the future of crypto the way things are heading, with governments and banks all of a sudden are getting behind bit coin. If anyone has any knowledge or can teach us about this new crypto, and how about getting around Kyp or whatever it's called lol.  Basically a step by step that many people have done for bit coin, I just really feel like This is where we really need to be focused on, things change quickly and we need to catch up.

 

[Clarissa]

I agree.  If I had the time I would contribute to the Monero C++ repository  

 

[Whoopiegoldburgg222]

@Clarissa  I have been doing some light research today, I'll try to post some YouTube videos that I found pretty helpful. I just need to learn how to switch to moreno from btc,  Which I think I have that part figured out. Just need to find a good wallet to send to bc the one I use only deals with btc currently. But  I'm sure with more time we can have more peeps jump in and spread that knowledge!

 

[Clarissa]

@Clarissa  I have been doing some light research today, I'll try to post some YouTube videos that I found pretty helpful. I just need to learn how to switch to moreno from btc,  Which I think I have that part figured out. Just need to find a good wallet to send to bc the one I use only deals with btc currently. But  I'm sure with more time we can have more peeps jump in and spread that knowledge!

You mean just do Monero to Monero transactions completely?  I'm not sure if Monero would work with a BTC receiver because aren't they using cryptography to shield sending and receiving addresses and transacted amounts?  Unless it's a sort of plug-in.  It also looks like there are Monero wallets.  Maybe they aren't meant for BTC or other types of crypto.

 

[Whoopiegoldburgg222]

 @Clarissa You just purchase btc then convert to moreno there are websites/aps for this. I don't think moreno to moreno exist  (could be and probably totally wrong about that), but then again this is why I made this thread, to learn.

 

[Clarissa]

@Whoopiegoldburgg222 I brought back some goodies for you from the DN (don't ask, personal project lately), and I'm actually about to answer your OP.  I cannot take credit for all of this, but I left my personal comments below in purple.

Tutorial for Super Secure Monero Purchases

1. Buy Bitcoin by any means necessary, it doesn't matter if you link your personal identity to this purchase.

2. Once you have your Bitcoin, withdraw it into a holding wallet.

   -- At this stage, ensure you're using a secure environment like Tails -- 

   Yeah maybe we can come up with a better option for people not using DNM's.  I think having a VPN running should be enough ( @DoomKitty can you confirm this?)  Or maybe it is enough just to install the TOR browser to perform these steps with a VPN setup?  Your non-tor browser is leaving a lot of fingerprints and identifying information.

3. Use one of the many Bitcoin > XMR exchanges, send your funds to a fresh XMR wallet.  I used the CakeWallet app for this step because you can exchange funds and keep an XMR wallet, but this goes against the "secure environment" instruction.  CakeWallet is pretty straightforward, but I can do a separate tutorial on that if needed.  See below for desktop alternatives.

4. Send the funds from the first XMR wallet to a new XMR wallet.  For this step you can just use one of the Monero wallets.  They have a GUI and a command line interface.  I installed both.  I did this all from Tails (which is just Debian Linux), but there are downloads for Windows https://www.getmonero.org/downloads/  I believe this step is suppose to break the chain and make you untraceable.

5. Your XMR is now ready for use on any market you so desire.

    - You always send your Bitcoin from the exchange into a wallet you hold, this is to prevent the exchange from holding payments to addresses they have "deemed" as illegal. While BTC > XMR exchanges are not exactly illegal, or do they have the ability to obtain every address used by said exchange it's best just to do this to avoid any risk. My sources for this are when sites like Coinbase track certain addresses and prevent withdrawals to them.

    - You always send your exchanged XMR to a separate wallet to avoid direct contact with the first wallet (which has a link to your Bitcoin).

    This entire process (assuming XMR has no security flaws) is 99% secure, the 1% accounts for acts of god. Now can you still get caught? Sure, the drugs that are sent can most of the time always be linked with somebody/something that likely has a link to you. If the drugs are found and you do get caught an audit of your bank account/payment method could be found which would match up with the approximate value of the Bitcoin you purchased.

    Is this likely to happen? Probably not.

More Tips:

A few are written by me:

• Other Bitcoin > XMR exchanges besides CakeWallet (remember, we should always be in a secure environment and apparently doing anything on your phone puts you at risk).
  

These require no KYC:

https://www.morphtoken.com/

MorphScript (you can use on your own MorphScript, without an account)

Elude  (http://elude.in/ doesn't seem to work on my clearnet browser)

Unlink

Bisq

• Or you can just buy Monero directly without KYC through a P2P service like LocalMonero https://localmonero.co/ or Bisq https://bisq.network/
  

 

[DoomKitty]

@Clarissa Thanks for the excellent post!

The reason TAILS (and TAILS isn't "just" debian linux, so please people dont think you can substitute debian linux!!) is considered best is because everything you are doing will ONLY go through TOR.  Just using a VPN comes with the risk of various leaks (webrtc, dns, etc) as well as improper killswitches leading to IP exposure.  And with TAILS nothing is stored either on your computer or the usb, so someone cant check logs later.  Its already been shown in the wild that LE have issued warrants on btc>xmr companies for server log info on transactions (IPs).    Also, using TOR browser can have heaps of fingerprints, especially depending on how its setup.  Its sort of one of those things where you just have to decide which level of security you are comfortable with given what you are doing or planning to do.  And yes, for optimal security, absolutely nothing should be done via a normal mobile. 

Also here is a regularly updated website on non-KYC options for btc and xmr: NoKYC

@Clarissa What is "Unlink"?  Not familiar. 

 

[Whoopiegoldburgg222]

@Clarissa I cant thank you enough!! This is amazing info. Im currently stuying how to PGP so this is literally perfect timing. (Im a noobie I only know btc)

 

[Clarissa]

@Clarissa Thanks for the excellent post!

The reason TAILS (and TAILS isn't "just" debian linux, so please people dont think you can substitute debian linux!!) is considered best is because everything you are doing will ONLY go through TOR.  Just using a VPN comes with the risk of various leaks (webrtc, dns, etc) as well as improper killswitches leading to IP exposure.  And with TAILS nothing is stored either on your computer or the usb, so someone cant check logs later.  Its already been shown in the wild that LE have issued warrants on btc>xmr companies for server log info on transactions (IPs).    Also, using TOR browser can have heaps of fingerprints, especially depending on how its setup.  Its sort of one of those things where you just have to decide which level of security you are comfortable with given what you are doing or planning to do.  And yes, for optimal security, absolutely nothing should be done via a normal mobile. 

Also here is a regularly updated website on non-KYC options for btc and xmr: NoKYC

@Clarissa What is "Unlink"?  Not familiar. 

@DoomKitty Thanks for the clarification.  I meant to make the comparison that Monero CLI will work on any Linux system (or even Windows as matter of fact).  So are we agreeing that a bootable TAILS OS is required for this example?  A lot of people ask how to get around these things by running from their normal desktop, blah blah.  I thought maybe there was a half-decent solution.  Well according to #3, should we be using CakeWallet for that Exchange transaction?  Because the exchange automatically adds it to the CakeWallet's wallet address.

Yeah I'm not sure about Unlink either.  I can't find any reference to it on the clearnet.  I got this from The Hub.  Seem like good people for security.

@Clarissa I cant thank you enough!! This is amazing info. Im currently stuying how to PGP so this is literally perfect timing. (Im a noobie I only know btc)

@Whoopiegoldburgg222 I'm doing a bit of a side-project/experiment/new hobby thing with the DN, so I'll post whatever I continue to learn! What OS are you using for PGP?  I HIGHLY recommend Kleopatra for Windows (I had no idea what I was doing, but was able to figure it out in a few minutes), and for Linux use the gpg GNU tools on the command line.

 

[Whoopiegoldburgg222]

@Clarissa

Ill keep an eye out for your post whenever you do! Its def something that takes a little time and commitment to get down, I just need to quit procrastinating lol

Im going to go with your rec and try out Kleopatra , for some reason Linux really intimidates me lmao but that could just be cause  I havent really put in the time yet.

 

[DoomKitty]

@Clarissa   I would say: TOR Browser in TAILS>TOR Browser not in TAILS>Normal browser with VPN>Normal browser without VPN.  And then people can make a decision depending on how intense they feel their opsec should be!  Obvs vendors need to have muuuuuch tighter opsec than someone occasionally buying for personal use, and should be doing ANYTHING vendor related from TAILS imo.  As far as CakeWallet , I use it (on phone with vpn that has non-defective killswitch), but for tightest opsec, you wouldnt want to b/c its mobile.   For best security (as well as longterm storage) you also want your monero wallet to be using a local node (you download the entire blockchain) rather than a remote node.   Again, thanks so much for putting together that excellent write up!!! So rad.

If you are learning PGP on a mac i would recommend looking at the suite of tools called GPGTools.  Heaps nice UI, and very user-friendly with excellent guides on their website to quickly understand PGP and how to use it. 

 

[Whoopiegoldburgg222]

@DoomKitty

Im all out of reactions but thank you for this info!!

 

[Clarissa]

@Clarissa

Ill keep an eye out for your post whenever you do! Its def something that takes a little time and commitment to get down, I just need to quit procrastinating lol

Im going to go with your rec and try out Kleopatra , for some reason Linux really intimidates me lmao but that could just be cause  I havent really put in the time yet.

@Whoopiegoldburgg222 I didn't understand your level of overall computer knowledge.  You really only need Linux if you are a software developer or in the computer science business (I know I'll get negative feedback for saying that).  So don't worry at all.  

Just stick with GUI desktop applications if that's what you are comfortable with.  There is no reason you need to directly access the command line in this case.  Unless your my old college advisor who used the command line to send emails to people, lol.

The first thing you'll want to do is create keys.  In Kleo, this is File->New Key Pair.  Make sure you choose 4096-bit keys!! The rest should be self-explanatory, but if it's not just message me.  It will generate two keys - a private and a public.  You won't really have access to your private key.  It stays hidden in the software.  But you'll want to share your public keys with others.  We should have a PGP thread where we practice creating keys and encrypting/decrypting each others messages.  They actually have that on one of the DN forums.  I think it's a good idea we have that here too.

Yes and keep an eye out for new information.  Or even better.  I'll take requests! That will help narrow down topics that people are interested in learning.

What is "Unlink"?  Not familiar. 

@DoomKitty My suspicions were right, it's an onion site.  I checked it out last night.  It looks legit.  Nice easy API/interface to use.  Lots of people are raving about it.

Unlink - Convert BTC to Monero and back safely:  http://olnjdsj745kqe62evxtdkcohvgknnpgho7asvxkmfzzu53im7afklxqd.onion

As far as CakeWallet , I use it (on phone with vpn that has non-defective killswitch), but for tightest opsec, you wouldnt want to b/c its mobile.   For best security (as well as longterm storage) you also want your monero wallet to be using a local node (you download the entire blockchain) rather than a remote node.

For this basic tutorial, I was following the instructions on Monero's own website and they were suggesting to use a remote node.  I didn't realize you could download the entire chain.  Would you have to keep updating it?  Or are you talking about mining?

People were talking about using burners for the CakeWallet step or anything having to do with a phone.  Does ProtonVPN also cover mobile?  Or you use something else?

 

[Clarissa]

I would say: TOR Browser in TAILS>TOR Browser not in TAILS>Normal browser with VPN>Normal browser without VPN. 

@DoomKitty Why not TOR Browser not in TAILS with a VPN and all other desktop windows/applications shut (to prevent leaks)?

 

[DoomKitty]

@Clarissa The debate of to VPN or not to VPN when using TOR is too exhausting ((heres some explanation: TORVPN) so i didnt mention it.   And the security of VPNs varies way too much depending on who you are using.  But yes, making sure no other apps are running (your computer will still be able to do non-app related internet traffic so leaks will still be able to happen) to lesson leaks is a good tip!

 

[Clarissa]

I'm sometimes too lazy to switch to my bootable Tails because then I can't use DBG or access anything else on my desktop.  And I can't use protonmail on Tails even though there's an onion for it.  I mean why make an onion site in JAVASCRIPT.  WTF.

I'm not sure what's worst, doing all that research or just constantly rebooting my computer.

 

[DoomKitty]

@Clarissa The reasons for not using mobiles are more complex i believe than just attaching to your identity.  So using a burner might not be suited for those looking for the utmost in security.   Look on thehackernews or similar sites for heaps of articles on different kinds of cell tower/cell company hacks. 

Yes you download the entire blockchain.  It regularly syncs when you open the wallet so its regularly updating yes.  Im not up to date with all the various things that can happen when using various remote nodes, so im only speaking from general knowledge ive gathered reading the r/Monero reddit page.  I do not use a local node, but would if i was doing long term storage. 

Yes, ProtonVPN has a mobile version.  Protonmail using javascript on their onion site is just fucking trash imo and makes me even more highly suspect of them than i already am.

 

[Clarissa]

@DoomKitty I thought ProtonVPN was one of the good ones without logging and such.  Or did you only recommend it because I was asking about connecting to TOR nodes?  I forget, but I've been using it.  Their onion is completely inaccessible.  I mean even turning off ALL browser safety, I still wasn't able to get to the login page.  That shouldn't happen.

 

[Whoopiegoldburgg222]

@Clarissa

My general knowledge is Very basic , I was mostly using TOR , Proton VPN and btc. Honestly Ive been too dependant on them and need to learn more but yeah linux sounds like Id be giving myself a headahce if it isnt totally nessary for me lol

Id totally be down to test each others PGP I think thats a great idea! Whenever we get some time maybe we can all join in.